From: Paolo Bonzini
Date: Thu, 12 Jun 2014 13:07:28 +0200
Subject: Re: [Qemu-devel] [PATCH v3 4/4] vga: Fix divide-by-zero in vga_update_text
To: Gerd Hoffmann, arei.gonglei@huawei.com
Cc: weidong.huang@huawei.com, luonengjun@huawei.com, qemu-devel@nongnu.org, lcapitulino@redhat.com, av1474@comtv.ru, stefanha@redhat.com
Message-ID: <539989F0.9080108@redhat.com>
In-Reply-To: <1402569830.21444.5.camel@nilsson.home.kraxel.org>
References: <1402392027-9164-1-git-send-email-arei.gonglei@huawei.com> <1402392027-9164-5-git-send-email-arei.gonglei@huawei.com> <1402569830.21444.5.camel@nilsson.home.kraxel.org>

On 12/06/2014 12:43, Gerd Hoffmann wrote:
> That doesn't fix the reported issue. It's "width" which Coverity thinks
> might be zero, not cursor_offset. And cursor_offset being zero is
> perfectly fine, happens when the cursor is in the upper left corner.
>
> I have no idea why Coverity thinks width can be zero there. Line 2047:
>
>     width = (s->cr[VGA_CRTC_H_DISP] + 1);
>
> (where cr is uint8_t). Hmm, maybe for the wraparound case (i.e.
> s->cr[VGA_CRTC_H_DISP] == 0xff)?

Not even that, the result is 0x100, math is done on the "int" data type.
In fact I don't even see this defect on scan.coverity.com.

Paolo
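The integer-promotion point in this exchange, as an added example that is not part of the original message or of QEMU's code: it sweeps every possible value of a `uint8_t` register through the quoted `+ 1` expression and counts zero results. The function names and the narrowed variant are hypothetical, included only to show the one form in which the 0xff wraparound would produce a zero divisor.

```c
#include <stdint.h>
#include <stdio.h>

/* Same shape as the quoted line: a uint8_t register value plus one.
 * The operand is promoted to int before the addition, so 0xff + 1
 * evaluates to 0x100 and the result is never zero. */
static int width_promoted(uint8_t h_disp)
{
    return h_disp + 1;
}

/* Hypothetical variant for contrast (not in the thread): the sum is
 * narrowed back to uint8_t, so 0xff + 1 truncates to 0. */
static int width_narrowed(uint8_t h_disp)
{
    uint8_t w = (uint8_t)(h_disp + 1);
    return w;
}

/* Sweep all 256 register values and count how many yield a zero width,
 * i.e. how many inputs would make a later division or modulo trap. */
static int count_zero_widths(int (*width_fn)(uint8_t))
{
    int zeros = 0;
    for (int v = 0; v <= 0xff; v++) {
        if (width_fn((uint8_t)v) == 0) {
            zeros++;
        }
    }
    return zeros;
}

int main(void)
{
    printf("promoted: 0xff -> %#x, zero widths: %d\n",
           width_promoted(0xff), count_zero_widths(width_promoted));
    printf("narrowed: 0xff -> %#x, zero widths: %d\n",
           width_narrowed(0xff), count_zero_widths(width_narrowed));
    return 0;
}
```

An exhaustive sweep like this is practical whenever a flagged divisor derives from a single 8-bit value, and it settles whether a static-analysis report is reachable without reasoning about promotion rules by hand.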